CVE-2025-3810 – WordPress WPBookit Privilege Escalation Vulnerability

May 9, 2025

CVE ID : CVE-2025-3810

Published : May 9, 2025, 3:15 a.m. | 22 minutes ago

Description : The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user’s identity prior to updating their details like password and email through the edit_profile_data() function. This makes it possible for unauthenticated attackers to change arbitrary user’s email addresses and passwords, including administrators, and leverage that to gain access to their account.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4454 – D-Link DIR-619L Wake_on_Lan Command Injection Vulnerability

Next Article CVE-2025-4452 – D-Link DIR-619L Buffer Overflow Vulnerability

Highlights

CVE-2025-4494 – JAdmin-JAVA Remote Authentication Bypass

May 9, 2025

CVE ID : CVE-2025-4494

Published : May 9, 2025, 10:15 p.m. | 2 hours, 3 minutes ago

Description : A vulnerability, which was classified as critical, was found in JAdmin-JAVA JAdmin 1.0. Affected is the function toLogin of the file NoNeedLoginController.java of the component Admin Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

This Motorola Razr deal at Best Buy is the top offer I’ve seen on the flip phone

Google Maps can identify and save places in your screenshots – here’s how

T-Mobile is giving loyal users a free line right now – how to see if you qualify

CTA warns of tariff-fueled price hikes on consumer tech – but it’s not all bad news

Big Node, VS Code, and Mantine updates

Big Node, VS Code, and Mantine updates

Prepare for Contact Center Week with Colleen Eager

Preparing for the Unthinkable: Safeguarding People and Productivity During India-Pakistan Conflicts

Microsoft confirms Offline Calendar for New Outlook on Windows 11

Microsoft confirms Offline Calendar for New Outlook on Windows 11

Windows 11 Microsoft Store tests Copilot integration to increase app downloads

Beyond APT: Software Management with Flatpak on Ubuntu

CVE-2025-3810 – WordPress WPBookit Privilege Escalation Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-4495 – JAdmin-JAVA Cross-Site Scripting Vulnerability

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

ChatGPT for Mac app flaw left usersâ€™ chat history exposed

OpenAI, Meta, and TikTok Crack Down on Covert Influence Campaigns, Some AI-Powered

CVE-2025-4470 – SourceCodester Online Student Clearance System Cross-Site Scripting Vulnerability

CVE-2025-4494 – JAdmin-JAVA Remote Authentication Bypass

Best Practices to Secure your Supply Chains

Making Progress on Regression Testing

Connect SharePoint Online to Amazon Q Business using OAuth 2.0 ROPC flow authentication

CVE-2025-3810 – WordPress WPBookit Privilege Escalation Vulnerability

Related Posts